Replies

You are right. Features like HSRP, VRRP, GLBP are not supported on the ASA. If you have 2 ASAs in failover they share the same ip address, but only the active is taking passing the traffic. The do no pass traffic at the same time.

Now if you go in a more complicated scenario with an active/active context you can have 2 units passing traffic at the same time. But still these are different virtual firewalls that have different policies.

To summarize, HA pairs as know from IOS is not supported on ASAs in the same way.

In addition to PK comments, using your same network diagram if you have your two routers either behind or in front of ASA speaking HSRP you can have your ASA use that virtual IP.. say your internet edge routers Active/standby its HSRP IP can be your ASA default route.